dnssec-dsfromkey(8) Mac OS X Manual Page

Mac Dev Center Mac OS X Reference Library General Mac OS X Man Pages

This manual page is for Mac OS X version 10.6.3

If you are running a different version of Mac OS X, view the documentation locally:

In Terminal, using the man(1) command

Reading manual pages

Manual pages are intended as a quick reference for people who already understand a technology.

For more information about the manual page format, see the manual page for manpages(5).
For more information about this technology, look for other documentation in the Apple Reference Library.
For general information about writing shell scripts, read Shell Scripting Primer.


DNSSEC-DSFROMKEY(8)                                 BIND9                                DNSSEC-DSFROMKEY(8)



NAME
       dnssec-dsfromkey - DNSSEC DS RR generation tool

SYNOPSIS
       dnssec-dsfromkey [-v level] [-1] [-2] [-a alg] {keyfile}

       dnssec-dsfromkey {-s} [-v level] [-1] [-2] [-a alg] [-c class] [-d dir] {dnsname}

DESCRIPTION
       dnssec-dsfromkey outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and
       RFC 4509, for the given key(s).

OPTIONS
       -1
           Use SHA-1 as the digest algorithm (the default is to use both SHA-1 and SHA-256).

       -2
           Use SHA-256 as the digest algorithm.

       -a algorithm
           Select the digest algorithm. The value of algorithm must be one of SHA-1 (SHA1) or SHA-256
           (SHA256). These values are case insensitive.

       -v level
           Sets the debugging level.

       -s
           Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file.
           Following options make sense only in this mode.

       -c class
           Specifies the DNS class (default is IN), useful only in the keyset mode.

       -d directory
           Look for keyset files in directory as the directory, ignored when not in the keyset mode.

EXAMPLE
       To build the SHA-256 DS RR from the Kexample.com.+003+26160 keyfile name, the following command would
       be issued:

       dnssec-dsfromkey -2 Kexample.com.+003+26160

       The command would print something like:

       example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94

FILES
       The keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name
       Knnnn.+aaa+iiiii.key as generated by dnssec-keygen(8).

       The keyset file name is built from the directory, the string keyset- and the dnsname.

CAVEAT
       A keyfile error can give a "file not found" even if the file exists.

SEE ALSO
       dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 3658, RFC 4509.

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")



BIND9                                         November 29, 2008                          DNSSEC-DSFROMKEY(8)

Reporting Problems

The way to report a problem with this manual page depends on the type of problem:

Content errors: Report errors in the content of this documentation with the feedback links below.
Bug reports: Report bugs in the functionality of the described tool or API through Bug Reporter.
Formatting problems: Report formatting mistakes in the online version of these pages with the feedback links below.

Did this document help you?